Re: Atom protocol and digital signatures

[Don Park <donpark@xxxxxxxxxxxxx>]

Just a few passing comments/suggestions:

1. I think requiring signature-breaking servers to detect and remove invalidated signatures creates unnecessary chores as well as being a potential source of confusion in context of the must-ignore rule.

2. I think it might make more sense to create an extension designed to enhanced digital-signature support. Such an extension would include a 'marker' element to indicate that signatures within, if any, are likely damaged. A feed processing agent downstream can then use the marker to avoid alarming the user unnecessarily.

Best,

Don Park

On Jun 19, 2007, at 5:35 PM, Tim Bray wrote:

On Jun 19, 2007, at 4:43 PM, A. Pagaltzis wrote:

The method for a server to indicate to a third party whether or

not the client signed an Entry Document is by including the

client's signature in the published entry, even though that

signature is likely to be invalid.

I strongly disagree with this. As a consumer, I have no possible

way to know whether an invalid signature is there because

I have to agree with Aristotle on this one.  I think we should simply drop that last sentence.  -Tim